1462 matches found
DEBIAN-CVE-2006-0582
Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2, when storing forwarded credentials, allows attackers to overwrite arbitrary files and change file ownership via unknown vectors...
CVE-2005-4536
Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enabled without a default log file specified, uses predictable log filenames, which allows local users to overwrite arbitrary files via a symlink attack on the PID-audit.log temporary file...
GLSA-200601-01 : pinentry: Local privilege escalation
The remote host is affected by the vulnerability described in GLSA-200601-01 pinentry: Local privilege escalation Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered that the pinentry ebuild incorrectly sets the permissions of the pinentry binaries upon installation, so that the...
texindex -- temporary file privilege escalation
Problem description The "sortoffline" function used by texindex1 employs the "maketempname" function, which produces predictable file names and fails to validate that the paths do not exist. Impact These predictable temporary file names are problematic because they allow an attacker to take...
ee -- temporary file privilege escalation
Problem description The ispellop function used by ee1 while executing spell check operations employs an insecure method of temporary file generation. This method produces predictable file names based on the process ID and fails to confirm which path will be over written with the user. It should b...
CVE-2006-0071
The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0...
DEBIAN-CVE-2005-4802
Flexbackup 1.2.1 and earlier allows local users to overwrite files and execute code via a symlink attack on temporary files. NOTE: the raw source referenced an incorrect candidate number; this is the correct number to use...
CVE-2005-4691
imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, certain versions of X.Org, and certain versions of XFree86 allows local users to overwrite arbitrary files via a symlink attack on the temporary file for the file.0 target, which is used for a pre-formatted manual page...
CVE-2005-3342
noweb 2.10c and earlier allows local users to overwrite arbitrary files via symlink attacks on temporary files in 1 lib/toascii.nw and 2 shell/roff.mm...
CVE-2005-3126
The 1 kantiword kantiword.sh and 2 gantiword gantiword.sh scripts in antiword 0.35 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary a output and b error files...
CVE-2005-4871
Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via 1 XMLFileFromVarchar or 2 XMLFileFromClob, or read files via 3 XMLVarcharFromFile or 4 XMLClobFromFile...
CVE-2005-3342
noweb 2.10c and earlier allows local users to overwrite arbitrary files via symlink attacks on temporary files in 1 lib/toascii.nw and 2 shell/roff.mm...
CVE-2005-3341
DHIS tools DNS package dhis-tools-dns before 5.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files created by 1 register-q.sh and 2 register-p.sh...
CVE-2005-3341
DHIS tools DNS package dhis-tools-dns before 5.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files created by 1 register-q.sh and 2 register-p.sh...
security flaw
Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files...
CVE-2004-2643
Technical details (affected products, versions, root cause, impact, and fixes) are not publicly available in the provided connected documents. Monitor for updates.
CVE-2005-3331
viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files...
CVE-2005-2748
The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application...
CVE-2005-2126
The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted...
DSA-848-1 masqmail - several
Bulletin has no description...